How to address 1st-party tracker blocking? #6538

Closed
aeris opened this issue Nov 10, 2019 · 9 comments

aeris commented Nov 10, 2019

Hello here!

Since Friday, we have hit a case of 1st-party tracking that seems to be unblockable.

This occurs on https://www.liberation.fr/, embedding a 1st-party tracker f7ds.liberation.fr, which points to an ugly tracking provider, Eulerian, via the CNAME liberation.eulerian.net.

This provider clearly states it provides an unblockable tracker.

It seems Criteo is starting to ask the same of their customers, with 1st-party tracking pointing to *.dnsdelegation.io subdomains.

In this case, it seems really difficult to block such trackers with tools like uBlock:

  • the subdomain is mostly random (f7ds.example.org), even if we found some ea.* patterns
  • detection can sometimes be done with CNAME resolution (to *.eulerian.net or *.dnsdelegation.io), but this is difficult to integrate into the browser (those steps are internal to the DNS client resolver)
  • IP filtering is not efficient: the tracker provider can easily change IPs without notifying its customers. A CNAME change is more complex, but the provider can generate quite a bunch of random subdomains in advance and ask its customers to change the subdomain in case of too much blocking (or proactively trigger a rotation every X days).

Do you have any way to detect then block such content from the browser?
The only (not so) efficient way I have at the moment is using DNS tools like PiHole to blacklist ranges of IPs and CNAME pattern resolution (with regex; a hosts file is not usable here). And even this way, it doesn't cover all the possible cases… Even tools like µMatrix seem totally inefficient on such trackers…
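
The CNAME-based detection described in the comment above, as an added example (not part of the original thread and not uBlock Origin's code): it follows each hostname's CNAME chain and flags names that alias into the tracker suffixes named in the thread. The DNS records are constructed sample data and the function names are hypothetical.

```python
# Constructed sample data: a resolver's view as {name: (record type, value)}.
# Hostnames come from the thread; the IP addresses are documentation placeholders.
RECORDS = {
    "www.liberation.fr": ("A", "192.0.2.10"),
    "f7ds.liberation.fr": ("CNAME", "liberation.eulerian.net"),
    "liberation.eulerian.net": ("A", "192.0.2.20"),
    "ea.example.org": ("CNAME", "edge.example.org"),  # two-hop chain
    "edge.example.org": ("CNAME", "example.dnsdelegation.io"),
    "example.dnsdelegation.io": ("A", "192.0.2.30"),
    "loop.example.org": ("CNAME", "loop.example.org"),  # broken zone
}

# Suffixes named in the thread as CNAME targets of the tracking providers.
TRACKER_SUFFIXES = ("eulerian.net", "dnsdelegation.io")


def cname_chain(name, records, max_hops=8):
    """Follow CNAME records from `name`; return the list of names visited."""
    chain = [name.lower().rstrip(".")]
    while len(chain) <= max_hops:
        rtype, value = records.get(chain[-1], (None, None))
        if rtype != "CNAME":
            break
        target = value.lower().rstrip(".")
        if target in chain:  # loop guard
            break
        chain.append(target)
    return chain


def under_suffix(name, suffix):
    """True if `name` equals `suffix` or is a subdomain of it (label boundary)."""
    return name == suffix or name.endswith("." + suffix)


def cloaked_tracker(name, records, suffixes=TRACKER_SUFFIXES):
    """Return the first alias target under a tracker suffix, or None.
    The queried name itself is skipped: only names that alias are cloaked."""
    for hop in cname_chain(name, records)[1:]:
        if any(under_suffix(hop, s) for s in suffixes):
            return hop
    return None


if __name__ == "__main__":
    for host in ("www.liberation.fr", "f7ds.liberation.fr", "ea.example.org"):
        print(host, "->", cloaked_tracker(host, RECORDS) or "no tracker CNAME")
```

Matching on the alias target rather than the queried name means a rotated random subdomain is still flagged as long as it aliases into the same provider zone.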

Contributor

liamengland1 commented Nov 10, 2019

Maybe a scriptlet? Are there other sites on which this tracking is used?

Author

aeris commented Nov 10, 2019

With DNS analysis, we found at least these customers:
Acadomia, Attractiv World, Conforama, Carrefour, Center Parks, Celio, Corsair, Devialet, Leclerc, Easy Voyage, La Redoute, Futuroscope, Française des Jeux, FNAC, Look Voyage, Lafuma, Malakoff Médéric, Michelin, Monoprix, Numericable, Office Dépôt, Ooreka, Photobox, Petit Bateau, Pixmania, PMU, Tam Tam, Promofarma, Quiksilver, Skoda, Smartbox, Locasun, Vente Unique, Voyage Privé, Voyages SNCF, Virgin Mobile, and many more (700+ domains found).
It doesn't say it's currently in production, but DNS delegation and CNAMEs are ready to be deployed on 1st-party sites.

Author

aeris commented Nov 10, 2019

At least one is already in production on oui.sncf.

Contributor

liamengland1 commented Nov 10, 2019

@aeris for uBo add:

liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, /parseInt.+?3600000/)

However the domain names don't seem to change so they can probably be blocked in EasyPrivacy.

okiehsch added a commit that referenced this issue Nov 10, 2019
@okiehsch
Contributor

> Do you have any way to detect then block such content from the browser?

We can disable the inline-script that triggers the 1st party scripts

I added
liberation.fr,officedepot.fr,oui.sncf##+js(acis, document.createElement, '.js')
to uBO-privacy.

okiehsch added a commit that referenced this issue Nov 13, 2019
mapx- closed this as completed Nov 19, 2019
Contributor

krystian3w commented Nov 24, 2019

@guillaumef

This domain is owned by a https://uniregistry.com ... a registrar reseller.
The domain is for sale...

$ dig +short aeris.liberation.net
69.172.201.153
It is called a wildcard ...
*.liberation.net IN A 69.172.201.153

You made a typo and you have a lot of imagination, conspiracy theory?
Eulerian is using f7ds.liberation.fr and nothing changed.

Author

aeris commented Nov 26, 2019

Oh my god, I miss the domain 😭 Sorry… 😨

aeris closed this as completed Nov 26, 2019
@uBlock-user
Contributor

https://trackingthetrackers.com/

Should help filterlist maintainers collecting/checking domains there before adding.
